Ireland

Privacy Culture

Dublin is a host to a wide range of tech giants that increase its economic significance on the world map. The multinational headquarters make the Irish Office of the Data Protection Commissioner (DPC) a leading authority under a global spotlight. That is why, when it comes to privacy & data protection, Ireland can be considered a special jurisdiction.

According to the EuroBarometer Survey on Data Protection issued by the European Commission more than a quarter of the respondents feel they have no control over the information provided online and 83% claim to be concerned about companies using personal information for a different purpose from the one it has been collected for. Irish perceptions of and attitudes towards personal data are similar to what most Europeans think.

Legal History

The basic acts regulating data protection & privacy in Ireland are the Data Protection Acts of 1988 and 2003 (DPA). These acts transpose the requirements of the EU Directive 95/46/EC into national legislation.

There are a number of additional acts that complement the requirements of the basic Acts. The most recent of these feature:

•Data Protection Act 1988 (Commencement) Order 2014 - it is an administrative consolidation and update of the basic governing law;

•Data Protection (Amendment) Act 2003 (Commencement) Order 2014 - it is an update to the basic governing law;

•European Communities (Electronic Communications Networks and Services) Regulations 2011 (Privacy and Electronic Communications) (e-Privacy Regulations) - it is an act to implement EU law in relation to communication services providers and their data protection obligations.

Enforcement and Court Action

The primary body responsible for the enforcement of data protection & privacy laws in Ireland is the DPC. The office has investigatory powers and can order the performance of an audit. The DPC has no power to issue penalties for breaching the DPA, but can prosecute organisations for the DPA and e-Privacy Regulations contraventions. In its annual reports, the DPC often criticises Irish companies and Government Departments for not taking sufficient account of data protection legislation.

Usually investigations are preceded by complaints by data subjects. If the DPC is of the opinion that there may be a breach of the DPA it will initiate investigations. The DPC has powers to appoint an 'authorized officer', who conducts investigations in the form of a privacy audit. The authorised officer has broad competences to enter and examine the premises of the data controller or data processor. Obstructing or impeding the work of the authorised officer constitutes an offence. In general, the DPC seeks to resolve complaints through an amicable solution. Nevertheless, the Commissioner has powers to issue information and enforcement notices and 'name and shame' non-compliant data controllers in the DPC's annual report. Most notably, the DPC prosecutes breaches of the DPA and the e-Privacy Regulations. Under the DPA, prosecution may result in a fine ranging from 3.000,00 EUR to 100.000,00 EUR. Breach of the e-Privacy Regulations can result in a maximum fine of 50.000,00 EUR for natural persons and 250.000,00 EUR for corporate bodies. In addition, the DPC publishes a series of guidelines for businesses to help their compliance efforts.

Corporate Risk

Dublin hosts a multitude of tech giants that have had their impact on the on both Public and Private sectors in Ireland. These include the multi-billion business of Facebook, LinkedIn, Amazon, eBay, Intel, IBM, Airbnb, and Instagram. These corporations have shaped not only the Irish technology business but have also provided a lot of work to the Irish legal industry. They have also spearheaded the Irish DPC as one of the leading data protection authorities in the world.

In 2014 the DPC received 960 complaints. Nevertheless, only 27 required formal decision and the rest were resolved by means of amicable solution. 9 entities were prosecuted, the DPC issued 3 enforcement notices and 9 information notices. The DPC's annual reports make clear that often, the authority does not take action to fine an organisation as the organisation declares that it will make a voluntary donation to a particular charity.

In 2015 the number of complaints compared to 2014 decreased to 932. The largest single category of complaints related to access rights, which accounted for over 60% of the total number. 51 audits and inspections were carried out, including those on major holders of personal data in the public and private sectors. The DPC issued 3 Statutory Enforcement Notices.

Future Outlook

Data protection & privacy laws in Ireland are very dynamic. For example, recently a constitutional challenge brought by an NGO called Digital Rights Ireland in 2014 reached the Court of Justice of the European Union. As a result, the 2006 Data Retention Directive was declared invalid not only in Ireland, but across the European Union.

Currently, the DPC does not have the direct power to impose fines (these come via prosecution). However, the DPC will be granted the power to levy vast fines on some of the world's largest tech firms under the newly adopted General Data Protection Regulation (GDPR) on the basis of their Dublin headquarters. Further, the DPC might become a 'leading authority' within the meaning of the GDRR one-stop-shop principle, requiring companies to deal with only one EU authority when conducting business across the Continent.

The DPC remains the lead regulator on privacy issues for companies such as Apple, Facebook or Yahoo!, since Ireland is where their European headquarters are. In May 2018, when the GDPR will enter into force the monetary penalties will be significant with a maximum fine of 4% annual global turnover or up to 20m EUR, whichever is higher. When the DPC gains these powers to impose such fines, it will become one of the most important data protection& privacy authorities in the business world.

Our consultants have been leading the way in data privacy/protection recruitment since the earlier years of data protection legislation

Specialists in data protection recruitment for all sectors and all international geographies

We hire privacy focused law graduates and CIPP qualified candidates for our own in-house research team.

DPR have market-leading data protection and information governance recruitment experience, and always provide a professional efficient and friendly service.

Head of Data Protection Consulting.

Hugo at DPR who manages the team has been the leading name in data privacy/protection recruitment from the beginning, DPR is the leading company in data privacy recruitment and they deliver on UK and international vacancies efficiently and effectively.

Deputy Chief Privacy Officer

If you need to recruit additional support or leadership within your organisation, or if you are interested in developing your own data protection career, then I highly recommend Data Privacy Recruitment Ltd.

Senior Executive, International Data Privacy

Data Privacy recruitment provided in-depth information about the UK privacy legal services market both in-house and private practice, their knowledge of the market is outstanding. For me it was their professionalism and support that really made the difference, I would highly recommend to any lawyer who is looking to further develop their career in the privacy market

Data Privacy Lawyer

DPR

"Always professional, confidential and reliable, our success is as a result of market knowledge, experience and how we work with our clients and candidates."

Address

Data Privacy Recruitment LTDLondon

Notice:
Data Privacy Recruitment has updated its website in compliance with the
EU Cookie Legislation.
Please review our policy to find out about which cookies we use and what information we collect on our website.
By continuing to use this site, you are agreeing to our policy.